About the role
About Decagon
Decagon is the leading conversational AI platform empowering every brand to deliver concierge customer experiences.
Our technology enables industry-defining enterprises like Avis Budget Group, Block’s Cash App and Square, Chime, Oura Health, and Hunter Douglas to deploy AI agents that power personalized, deeply satisfying interactions across voice, chat, email, SMS, and every other channel.
We’re building a future where customer experiences are being redefined from support tickets and hold music to faster resolutions, richer conversations, and deeper relationships. We’re proud to be backed by world-class investors who share that vision, including a16z, Accel, Bain Capital Ventures, Coatue, and Index Ventures, along with many others.
We’re an in-office company, driven by a shared commitment to excellence and velocity. Our values — Just Get It Done, Invent What Customers Want, Winner’s Mindset, and The Polymath Principle — shape how we work and grow as a team.
About the Team
The Security Engineering team at Decagon protects the platform that powers the most advanced conversational AI agents for enterprise customers across voice, chat, email and SMS. We build the security foundations that enable Decagon's AI agents to handle sensitive customer data with trust while defending against sophisticated, AI-enabled threats at massive scale.
Our mission is to provide magical support experiences — ensuring that AI agents and human agents can collaborate safely to help users resolve their issues while maintaining the highest standards of security and privacy.
About the Role
Lead the application security strategy and implementation for Decagon AI's conversational platform that serves enterprise customers at scale. You'll partner with engineering teams to build security directly into our AI-powered applications, ensuring protection against application-layer threats while maintaining the performance and reliability our customers expect. This role offers the opportunity to apply deep application security expertise to AI systems and shape security practices across our rapidly growing engineering organization.
In this role, you will
Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management.
Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design, coding, PR, and deployment
Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications
Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling
Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity
Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements
Your background looks something like this
Have 5+ years of hands-on application security engineering experience
Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment
Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications
Experience implementing application security testing tools and integrating security into CI/CD pipelines
Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks
Proven track record working with engineering teams to remediate security findings while balancing security and business requirements
Even better
Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections
Background with large-scale, multi-tenant SaaS applications handling sensitive customer data
Familiarity with Google Cloud application security services and container security best practices
Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective
Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar
Compensation
$200K – $330K + Offers Equity
Benefits
We proudly offer the following benefits for our full-time employees:
Take what you need vacation policy
Medical, Dental, and Vision benefits for you and your family
Life Insurance and Disability Benefits
Retirement Plan (e.g., 401K, pension)
Parental Leave
Fertility and family building benefits through Carrot
Daily lunches and snacks in the office to keep you at your best
These benefits are described in more detail in Decagon’s policies, may vary by location, and can change at any time according to applicable compensation and benefits plans.
Similar roles
Other open positions you might also be a good fit for.